Why does Microsoft Passport suck?

Summary: The Microsoft Passport Network is supposed to be an effortless way to share a single set of logon credentials across multiple sites. Instead, it’s a colossal annoyance. Even Microsoft employees gripe about the inconsistencies and abysmal user experience of Passport. But help may be on the way.

How does Microsoft Passport’s sign-in process suck? Let’s count the ways:

  • It keeps popping up, on just about every imaginable Microsoft website (and on a few selected non-Microsoft sites, too).
  • It doesn’t remember your preferences. Even after you click the “Save my e-mail address and password” option, you get prompted to enter your logon credentials every time you visit a Passport-enabled site.
  • It pops up when it shouldn’t pop up. It happened to me last year when I tried to follow links to articles in Microsoft’s Knowledge Base. Thomas Hawk complained about a similar problem earlier this week when he tried to follow a link to a post on the Windows Live Mail Desktop Beta blog (could they make that name any longer?). In both cases, we were using Firefox. Conspiracy theorists, start your engines.
  • It’s from Microsoft. Although the Redmondians appear to have given up on their original grand ambitions of world domination via Passport, it still touches just about every Microsoft website that requires personalization or presence.
  • It keeps getting new names. It started in 1999 as Microsoft Passport, picked up some .NET baggage in 2001, and is now about to be renamed, again: Windows Live ID.

Ah, but that last part may be Passport’s saving grace. Along with the name change, says Microsoft’s Trevin Chow, comes a commitment to rework the whole sign-in experience.

The issues aren’t trivial. A long post entitled "Microsoft Passport 101," written in 2004 by developer Julien Couvreur, described in detail (complete with flowcharts) how the Passport web authentication protocol works. Trevin Chow’s less detailed but earthier post from last month identified security as the number-one issue that makes Passport sign-in suck:

In order to have a secure single sign-on system, you simply cannot have one prompt for a login then be able to access any site. It sounds counter-intuitive, since that's what "single sign-on" seems to imply. This would only be possible if every single website you accessed had the same level of security and data sensitivity. We all know that this is not the case, and instead, sites vary in the level of security needed to protect it.

[…]

Because of these varying levels of data sensitivity, each site in the Passport network configures what we'll call their "security policy" which tells Passport parameters to enforce during sign in which is supposed to be directly related to their data sensitivity -- the more sensitive the information therein, the "tighter" the security policy.

Makes sense. As Trevin explains, the security and privacy requirements of a Passport-enabled site like Windows Live, which only stores your personalization information, are very different from those of the MSN Account Management site, which includes personal information and possibly a credit card number.
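
The per-site policy idea described above, as an added sketch that is not Passport's code and not from the original post. The two policy parameters, the site keys and the returned strings are assumptions for illustration, since the page does not name the parameters a site can set.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy knobs: the article only says each site sets a
# "security policy"; these two parameters are assumptions.
@dataclass(frozen=True)
class SitePolicy:
    max_auth_age: Optional[int]   # max seconds since the password was typed; None = any age
    allow_saved_password: bool    # may a "remember me" sign-in satisfy this site?

@dataclass(frozen=True)
class SsoSession:
    last_password_entry: int      # epoch seconds of the last interactive sign-in
    from_saved_password: bool     # session was restored from saved credentials

# Constructed policies for the two kinds of site the article contrasts.
POLICIES = {
    "windows-live": SitePolicy(max_auth_age=None, allow_saved_password=True),
    "msn-account-management": SitePolicy(max_auth_age=600, allow_saved_password=False),
}

def sign_in_decision(site: str, session: Optional[SsoSession], now: int) -> str:
    """Return 'silent' (issue a ticket without UI), 'prompt: ...' or 'deny: ...'."""
    policy = POLICIES.get(site)
    if policy is None:
        return "deny: unregistered site"      # fail closed, never guess a policy
    if session is None:
        return "prompt: no session"
    if session.from_saved_password and not policy.allow_saved_password:
        return "prompt: saved password not accepted"
    age = now - session.last_password_entry
    if age < 0:
        return "prompt: invalid session time"  # clock skew or a tampered timestamp
    if policy.max_auth_age is not None and age > policy.max_auth_age:
        return "prompt: sign-in too old"
    return "silent"
```

The same session that signs in silently to the personalization site is re-prompted by the account site once it is older than that site's limit, which is the behaviour users experience as repeated sign-in prompts.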

I think the biggest flaw in the Passport architecture is its use of redirects and cookies to manage the single sign-on process. Cookies may be mostly benign, but they still have real privacy implications, and the constant redirects to the Passport site to pass credentials back and forth create the perception – true or not – that Microsoft is adding new entries in your dossier.

If Passport – sorry, Windows Live ID – is to get a complete overhaul, the goal should be to make it unobtrusive and, if possible, almost completely invisible. In other words, make it not suck.

Microsoft is doing some fascinating work in the field of digital identity systems. (Check out the work of Kim Cameron, the company’s Identity and Access Architect, for more details about the proposed Identity Metasystem.) It’s refreshing to see that Microsoft has embraced the idea that identity management should be a secure, open, interoperable process that you control. It’s your identity, after all.

Talkback

26 comments
  • Your Article on Microsoft Passport Sucking So Bad

    Amen brother!
    thomashawk
  • No relevance

    ANY article that tries to use "Microsoft World Domination" as a justification argument immediately loses any credibility. Looks like just another lame gamer complaining, and no need to try to see if his other arguments are valid.
    mharr
    • Not a gamer, sorry

      I own an Xbox 360 but use it solely as a Media Center Extender.

      And there was just a wee bit of irony in that "Microsoft world domination" quote. Sorry if it was too subtle.
      Ed Bott
    • Too bad you don't recognize sarcasm...

      ...when you see it.
      hoohah
  • Worst Article Ever

    These aren't reasons at all, they are just minor annoyances. #1 stupid, #2 stupid, #3 stupid, #4 you lost all credibility, and #5 stupid.

    You sir are stupid.
    tsupersonic
    • No, it's you & Passport that are Stupid

      A great article detailing the typically bad user experience that many of us suffer when we use Passport. We are also forced to use it when dealing with MS so it should be better and it hasn't improved in years. Obviously being in denial (of poor service) is better for stupid people like you. Let's talk about how bad Passport is. Let us count the ways.
      NewZed
      • Great Article?

        Are you stupid too? It's totally biased against Microsoft! Those are not reasons at all, they are minor annoyances affecting him. I don't have those problems. I can sense you have hatred for Microsoft, that's fine, but Passport does work. It is being improved slowly...
        You haven't really mentioned why Passport sucks, you have no reason to hate it except that you hate Microsoft. So, there's proof that you are indeed pathetic. Good day idiot.
        tsupersonic
        • Look who else says it sucks

          You might want to follow all the links in the original post. One of the developers who is actually working on the next generation of Passport, to be called Windows Live ID, is the one who wrote the post entitled "Why Passport sign-in sucks."

          Does he hate Microsoft? Is he an idiot? And what about Microsoft's Mike Torres and Omar Shahine, both of whom have written posts (linked in the first paragraph) expressing their dissatisfaction with Passport? Are they pathetic Microsoft-haters, too?

          Microsoft has acknowledged that the current iteration of Passport doesn't work well and provides a terrible user experience. They're fixing it. Is that so hard to understand?
          Ed Bott
  • WTF?

    First off, the first three or four bullet points all say the same thing, in different ways. You took the same issue, and stated it different ways.

    Second, you evidently missed the point of all the blogs you cut-n-pasted into this blog entry. The point is: because of security requirements high variance, the ability to conform on a single sign on system is difficult.

    Thirdly, if you're going to blog, do it with some credibility. Write something new, informative and worth reading. Don't cut-n-paste your title, body and links from someone else. Also, don't re-write the gist of another blog in yours, all over again. For that, put a hyperlink to the other blog and move on to the next subject.

    Finally: if you're going to blog on a site where readers are accustomed to reading journalism of the quality of some of the other ZDNet writers, you'd better refrain from being so biased.

    Also, get a clue. Yours, and the other whining posts create a lot of noise, without proposing real solutions (plural!).

    As it is, you failed to reference the credible ideas from the engineers of those teams, and failed to reference the fact that *management* is probably responsible for the mishaps of those systems operability shortcomings.

    As it is, if your next article is anything like this, it'll be the last I read of yours.
    kckn4fun
  • I must be stupid, too

    It is refreshing to see the sharp, expressive technical opinions penned so profoundly and professionally in response to the article. OK. I lied.

    I've been part of the technology wave generator and washed clean by its power for more than 25 years now. If most of these ridiculous talkback responses are indicative of the mental abilities of Ziff-Davis readers in the field, then it's no small wonder that technology fails us so often. The people implementing can't get beyond gee-whiz product bias to be able to comprehend the issue.

    My opinion? ANYBODY'S implementation of single sign-on is no better than the old multiple sign-on standard. Single sign-on places all the eggs in one giant identity basket, guards it with fools and forces the same old multiple sign-ons to re-reference the basket. C'mon. It's the Emperor's New Clothes. But it came shrink-wrapped, cost more and had a rebate. I must be stupid, too.
    znewt
  • Maybe I am one of the lucky ones ......

    ***

    I have been a Passport member since its beginning and I have never had the problems mentioned in the article. I'm not the biggest fan of Microsoft but I don't hate it either. I do not know why some have problems with Passport but it works for me. Maybe I am one of the lucky ones.


    ***
    CharleyO
  • I don't recall the issues with MS Passport

    but I do know that I avoid using MSN Passport whenever asked to log in. I think it is because I have had so many issues over the years that I have avoided MS websites.
    TJGodel
  • Why does Microsoft Passport suck?

    Get a life
    reecurb
  • Remember DigitalMe from Novell?

    This is what MS is following now. It is really interesting that IT experts "discover" old technology when MS is working on this. Why did you not write about identity solutions from Novell and Sun? MS is far behind...
    jbkowalski
  • Passport sucks because it is free

    Very simply. With no customer support, and no guarantee of
    privacy, Passport is not a reliable system to use for identity. If I
    had to pay for it, and therefore knew that I had some expectation
    of service, I might trust it.

    Consider. I'm on my *third* Passport ID. I can't sign up for one
    with my real name and email address anymore, because they say
    it already exists. I can't re-activate it because they say that they
    need me to verify my address information. The address
    information they have doesn't match my address because I
    signed up so long ago that they didn't *require* address
    information then. Any solution? Nope. There is no way to
    escalate a support request.

    I got my first Passport ID because I was forced to. I was using
    an early MSN stock tracking system. I was *paying* for that
    system. All of a sudden it required me to use a beta version of
    Passport. Once I got past the bugs, it worked fine for a while.
    Then I decided to sign up for a hotmail account. I tried it, and
    then abandoned it. When they deleted my hotmail account--
    they deleted my passport id. I'm sure the bug is fixed now, but
    it doesn't do me any good. The only solution they could offer
    was to sign up for a new passport id, and set up all my financial
    information again. Somewhere in the bowels of Microsoft's
    servers is lots of information about my stock holdings--but I
    can't access it.

    Fundamentally, I think that centralized authentication where the
    tokens are stored on someone else's server is a bad idea. But if
    you *are* going to do it, then the financial incentives need to be
    structured to provide support to the *customers*, not the
    vendors. So long as Passport is free to consumers, that's not
    going to happen, and customers will continue to get screwed.
    KeeHinckley
  • Microsoft Passport

    I couldn't agree more, I just spent an hour and a half trying to get MSN Net pass to remember 3 passwords. Even after receiving confirmations, net pass would not recognise my passwords. The site is useless, leaving me enraged and unable to receive much of my business mail.
    Cal 1 H
  • More trouble than it is worth

    Fortunately, I only encounter it on one site I need to use. When I use that site, I immediately pick up the phone and talk to a live person because I have NEVER successfully logged into the system with the Passport credentials.

    The people at the site cannot get my passport to work. I have contacted MS, which sends me thru a series of pages which end up telling me a tech will contact me about the problem. The tech's emails send me back to the exact pages I have just gone thru that didn't work the first time. The tech then wants a list of all the passwords I have ever used. Easy, I have only used one password. So I send it to him. I get the same email asking for all the passwords. Since, if I am allowed to choose a password, I only use three different passwords, I send him a list of all three. (Even though I know which one I've used.) It's been months now, and I still can't use my NET passport.
    ward.richard
    • Hello,

      First let me say, I am very biased towards Microsoft, and it is for
      reasons like this. I have never used anything from Microsoft that
      works well for long, even the Virtual PC is crashing. No I am not a
      newbie.
      cashaww